News broke today that 25 footballers who were using Therapeutic Use Exemptions (TUE’s) during the 2010 world cup have been named by the infamous Fancy Bears hacking group. Former premier league footballers such as Carlos Tevez, Dirk Kuyt and Gabriel Heinze are among those named. IT security experts from DomainTools and AlienVault commented below.
Kyle Wilhoit, Senior Cybersecurity Threat Researcher at DomainTools:
“This data dump is yet another example of the importance of security measures to protect all kinds of data. While it’s safe to assume the release of this information has been done for politically motivated reasons, such data being released means they could have had access to player’s medical records. It is therefore not such a gigantic leap to assume that other private information about these individuals could also be accessed, compromised, and leveraged for more financially sensitive information. Additionally, this attack could be chained with something like spear phishing attacks to further target individuals.”
Javvad Malik, Security Advocate at AlienVault:
“The Fancy Bears breach illustrates how important it is to protect personal information; even more so than financial information. While financial fraud can impact individuals, there are usually safeguards in place that can help recover from a loss. However, once personal information is revealed, particularly information that can impact someone’s livelihood or public image, it is not as easy to manage.
It serves as a sobering reminder of how all organizations that process, or store any form of personal data need to have adequate threat detection and response controls in place so that any breach or potential breach can be addressed quickly to minimize the damage.”